CNX 200 PDF

Technical Note | eNfusion™ CNX-200 Series 2 Network Accelerator
Acceleration over SwiftBroadband for CNX-200 Series 2 Network

Accelerators
TN-1110-50259
Revision: A00
July 9, 2009
Introduction
This technical note provides information on accelerating traffic over a SBB (SwiftBroadband) satellite
communications connection using a CNX-200 Network Accelerator. Satellite communication systems
upgrading from Swift64 to SwiftBroadband must reconfigure their equipment because SwiftBroadband
is a direct internet connection while Swift64 provides a fully routable private network via ISDN.
The procedures in this technical note provide a guideline to configure the CNX-200 Series 2 Network
Accelerator to route accelerated traffic through a VPN (Virtual Private Network) tunnel. The
configuration of each network is different and the procedures in this technical note may have to be
altered. Therefore, this technical note is intended for users proficient with IP and VPN network design.
Configuring the CNX-200 Series 2 Network Accelerator to accelerate traffic over SBB includes:
• Setting Up the Groundside Hardware
• Configuring the Groundside Hardware
• Setting Up the Airside Hardware
• Configuring the Airside Hardware
Requirements
The hardware requirements for acceleration over SBB are:
• CNX maintenance harness, ECS part number 600-97273-101
• Expand 4800 accelerator (or more recent version)
• Cisco 2800 router
• Network switch
• A broadband compatible satellite communication system (HSD-400 and HSD-440
terminals)
The software requirements for acceleration over SBB are:
• CNX software build 137
• Expand IOS 5.08 or greater
• Secure Cisco IOS, for example, 12.3(14)T7
• A BGAN SIM Card with a Public Fixed IP address
• A public fixed IP address for the ground router
© 2009 EMS Technologies Canada Ltd., 400 Maple Grove road, Ottawa, Ontario, K2V 1B8, CANADA
1
Acceleration over SwiftBroadband for CNX-200 Series 2 Network Accelerators
TN-1110-50259
Revision: A00
Setting Up the Groundside Hardware

This section provides information about setting up the Cisco 2800 router and Expand 4800
accelerator. For installation instructions, refer to the installation manuals and www.cisco.com for
technical support.
To set up the groundside hardware:
1 Connect a crossover RJ-45 cable between the Fast Ethernet 0/0 of the Cisco router and the
Fix IP network jack, LAB-2-012, on the Expand accelerator.
2 Connect a crossover RJ-45 cable between the Fast Ethernet 0/1 of the Cisco router and the
Ethernet 0/1 of the Expand accelerator.
3 Connect a straight RJ-45 cable between the Ethernet 0/0 of the Expand accelerator and the
network switch.
4 Connect the network switch to an internet connection or a corporate web server.
Configuring the Groundside Hardware

Setting up the CNX-200 Series 2 Network Accelerator includes the following procedures:
• Connecting to the Expand accelerator
• Configuring the Expand accelerator
• Connecting to the Cisco router
• Configuring the Cisco router
To connect to the Expand accelerator:
1 Connect a DB-9 cable to the console port of the Expand accelerator.
2 On your computer, click Start, point to Programs, point to Accessories, point to
Communications, and then click HyperTerminal.
The Connection Description window appears.
3 In the Name box, type Expand connect, and then click OK.
The Connect to window appears.
4 In the Connect using list, select COM1, and then click OK.
The COM1 window appears.
5 Enter the recommended terminal connection settings, as shown in Table 1.
© 2009 EMS Technologies Canada Ltd., 400 Maple Grove Road, Ottawa, Ontario, K2V 1B8, CANADA
2
TN-1110-50259
Revision: A00
Table 1: Terminal Connection Settings
PARAMETER SETTING
Bits per second 9600 bps
Data bits 8
Parity None
Stop bits 1
Flow control None
6 Click OK.
To configure the expand accelerator:
1 In the HyperTerminal window, type expand, and then press ENTER.
The Password prompt appears.
2 Type the password Expand, and then press ENTER.
The password is case sensitive.
The Ground_side prompt appears.
3 To access the privilege mode of the accelerator, type en, and then press ENTER.
4 To access configuration mode, type config t, and then press ENTER.
5 Copy the following configuration text and paste it into the HyperTerminal window.
hostname Ground_side
!
interface local
ip address 192.168.3.10 255.255.255.0
ip default-gateway 192.168.3.1
routing-strategy routing-only
!
wan default
bandwidth 400
!
interface link 1
description L-192.168.1.2
bandwidth 400
fragmentation auto 1400
link destination 192.168.1.2
tcp-acceleration
use-global-tcp-acceleration disable
tcp-acceleration enable
typical-rtt 1500
3
TN-1110-50259
Revision: A00
typical-acceleration-rate 400
!
no application expand-internal
application expand-internal tcp 1928
policy-rule 1 global outbound
match application expand-internal
mark tos field 8 mask 254
!
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
End
6 Type exit, and then press ENTER.
7 To save the configuration, type write, and then press ENTER.
8 To confirm the configuration, type show start, and then press ENTER.
The information in the configuration text is displayed.
To connect the Cisco router:
1 Connect an Ethernet cable to the Console port of the Cisco router.
2 To access the configuration functions of the Cisco router, follow steps 2 to 6 of the Expand
connection procedure on page 2.
To configure the Cisco router:
1 Type en, and then press ENTER.
Depending on the existing configuration, a password prompt could appear. To access
configuration functions, type the password.
2 To access the configuration mode, type config t, and then press ENTER.
3 Copy the following configuration text and paste it in the HyperTerminal window.
IP addresses specific to your system are marked by xxx.xxx.xxx.xxx.
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterB
!
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.123-14.T7.bin
boot-end-marker
!
enable secret 5 $1$LBz/$P9ulIaVyoUdKSDN8xSNE4.
enable password cisco
!
no aaa new-model
!
resource policy
!
4
TN-1110-50259
Revision: A00
ip subnet-zero
!
ip cef
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
no ip domain lookup
!
no ftp-server write-enable
isdn switch-type basic-net3
!
username ems password 0 ems
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ciscoxyz address xxx.xxx.xxx.xxx
crypto isakmp ccm
!
crypto ipsec transform-set SAL esp-3des esp-md5-hmac
crypto ipsec transform-set SAL1 esp-3des esp-sha-hmac
crypto ipsec transform-set SAL2 esp-des esp-md5-hmac
crypto ipsec transform-set SAL3 esp-des esp-sha-hmac
crypto ipsec transform-set SAL4 ah-md5-hmac
crypto ipsec transform-set SAL5 ah-sha-hmac
!
crypto map TEST 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set SAL
match address 105
!
interface FastEthernet0/0
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
crypto map TEST
crypto ipsec df-bit clear
crypto ipsec fragmentation before-encryption
no shut
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
5
TN-1110-50259
Revision: A00
no ip redirects
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
no shut
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
access-list 105 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
End
Setting Up the Airside Hardware

This section provides instructions on setting up the airside hardware.
To set up the airside hardware:
1 Connect the CNX WAN port to an HSD terminal.
2 Connect an Ethernet cable from the CNX switch to your computer.
3 Connect the P5 maintenance cable connector to your computer.
NOTE: To set up a VPN tunnel, you or your corporate IT department needs a fixed IP, a
crypto key, and a crypto map.
Configuring the Airside Hardware

Configuring the airside hardware includes the following procedures:
• Configuring the CNX VPN
• Configuring the CNX dialer
• Configuring the airside expand module
6
TN-1110-50259
Revision: A00
To configure the CNX VPN:

1 In the computer connected to the Ethernet port of the CNX-200 Series 2 Network
Accelerator, open a web browser.
2 In the address bar, type ems.home, and then press ENTER.
The Welcome page of the EMS Management Console appears.
3 Click Login and enter your username & password.
The System Information page appears once logged in.
4 On the left menu, click Security.
The Internet Protocol Security (IPSec) page appears.
5 In the Add IPsec Connection field, type a connection name and then click Add IPsec
Connection.
The Internet Protocol Security (IPSec) configuration page appears.
6 In the Encryption Method menu, click 3DES.

7 In the Mode menu, click Tunnel.
8 In the Pre-shared Key field, type the pre-shared key.
9 Leave the Local Side settings at the default values.
10 In the Remote Side section, in the Public IP field, type the Public IP address of the ground
side network.
11 In the Subnet field, type the subnet.
7
TN-1110-50259
Revision: A00
12 Click Save Changes, and then click Apply Changes.

13 On the left menu, click Network.
The Network Configuration page appears.
14 In the Add Network field, type a name for the new network, and then click Add Network.
The New Network page appears as shown below
15 Select Show on Connections Page.
16 In the Connection Type menu, click PPPOE.
17 In the IPSec Tunnel menu, click IPsec.
18 In the Service Name field, type BGAN:BACKGROUND.
19 In the Username and Password fields, type your username and password.
20 In the Idle Time field, type 300.
21 In the Retry Period field, type 10.
22 Click Save Changes, and then click Apply Changes.
8
TN-1110-50259
Revision: A00
To configure the airside expand module:

1 To connect to the expand module, follow steps 2 to 6 of the Expand connection procedure
on page 2.
2 In the HyperTerminal window, type expand, and then press ENTER.
The password prompt appears.
3 Type the password Expand, and then press ENTER.
The password is case sensitive.
The air_side prompt appears.
4 Type en, and then press ENTER.
5 To access the configuration mode type config t, and then press ENTER.
6 Copy the following configuration text and paste it into the HyperTerminal window.
hostname air_side
!
interface local
description 192.168.3.10
ip address 192.168.1.2 255.255.255.0
ip default-gateway 192.168.1.1
deployment onlan
routing-strategy routing-only
!
interface link 1
bandwidth 400
fragmentation auto 1400
link destination 192.168.3.10
9
TN-1110-50259
Revision: A00
subnet add 0.0.0.0 0.0.0.0

tcp-acceleration
use-global-tcp-acceleration disable
tcp-acceleration enable
typical-round-trip 1500
typical-acceleration-rate 400
!
!
no application expand-internal
application expand-internal tcp 1928
policy-rule 1 global outbound
match application expand-internal
mark tos field 8 mask 254
!
ip route 192.168.3.10 255.255.255.255 192.168.1.1
End
9 To confirm the configuration, type show start, and then press ENTER.
The information in the configuration text is displayed.
Configuring acceleration over SBB is complete.
10

CNX 200 PDF

Uploaded by

Copyright:

Available Formats

You might also like

CNX 200 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CNX 200 PDF

Uploaded by

Copyright:

Available Formats

Technical Note | eNfusion™ CNX-200 Series 2 Network Accelerator

Acceleration over SwiftBroadband for CNX-200 Series 2 Network

Setting Up the Groundside Hardware

Configuring the Groundside Hardware

Table 1: Terminal Connection Settings

Bits per second 9600 bps

Flow control None

Setting Up the Airside Hardware

Configuring the Airside Hardware

To configure the CNX VPN:

6 In the Encryption Method menu, click 3DES.

12 Click Save Changes, and then click Apply Changes.

To configure the airside expand module:

subnet add 0.0.0.0 0.0.0.0

You might also like